Which of the following tasks is NOT the responsibility of a forensic investigator?Group of answer choicesReconstruct the damaged storage devicesIdentify and recover data required for investigationConfigure network componentsEnsure appropriate handling of the evidence

Which of the following tasks is the responsibility of a forensic investigator?Group of answer choicesConfigure network componentsManage servers and operating systemsUpdate and release patches for devicesEvaluate the damage due to a security breach

Which of the following are important to consider when planning an investigation?Question 1Select one:a.Getting the right people for the investigationb.Providing a secure work areac.Providing a secure storage aread.B and Ce.A, B, and CClear my choiceQuestion 2Not yet answeredPoints out of 1.00Flag questionTipsQuestion textChallenges collecting and analyzing digital evidence includeQuestion 2Select one:a.User attributionb.Legal search authorityc.Full disk encryptiond.All of the above.Clear my choiceQuestion 3Not yet answeredPoints out of 1.00Flag questionTipsQuestion textWhich of the following questions would not be answered by the investigation plan?Question 3Select one:a.What is the sex of the suspect?b.Where is the evidence likely to be located?c.What skills are needed to extract the evidence?d.What local laws and court processes will affect this investigation?Clear my choiceQuestion 4Not yet answeredPoints out of 1.00Flag questionTipsQuestion textForensics plays a role in which of the following:Question 4Select one or more:a.Civil casesb.Criminal Casesc.Personal disagreements between neighborsd.All of the abovee.None of the aboveQuestion 5Not yet answeredPoints out of 1.00Flag questionTipsQuestion textUnauthorized access to computer systems where protected data may have been stolen, is an example of a crime where the computer is:Question 5Select one:a.Incidental to another crimeb.The primary target for the crimec.The instrument of the crimed.All of the abovee.None of the above

Question 1Digital forensics is commonly applied to which of the following activities?1 pointCriminal investigationIncident handlingData recoveryAll of the above2.Question 2NIST includes which three (3) as steps in collecting data? (Select 3)1 pointAcquire the dataDevelop a plan to aquire the dataNormalize the dataVerify the integrity of the data3.Question 3What is the primary purpose of maintaining a chain of custody?1 pointTo keep valuable hardware securely locked to tables or floors.To avoid allegations of mishandling or tampering of evidence.To allow for accurate client billingSo a person in possession of evidence will know who they are allowed to give it to next4.Question 4True or False. Digital forensics had been used to solve a number of high-profile violent crimes.1 pointTrueFalse5.Question 5True or False. Digital forensics report is a summary of your findings. If your case goes to trial, your testimony can, and usually does, involve far more detail than is in the report.1 pointTrueFalse6.Question 6Which section of a digital forensics report would include using the best practices of taking lots of screenshots, use built-in logging options of your digital forensics tools, and exporting key data items into a .csv or .txt file?1 pointOverview & Case SummaryForensic Acquisition & Examination PreparationFindings & AnalysisConclusion7.Question 7Which types of files are appropriate subjects for forensic analysis?1 pointData filesImage and video filesApplication filesAll of the above8.Question 8Deleting a file results in what action by most operating systems?1 pointThe memory registers used by the file are marked as available for new storage but are otherwise not changed.The file is copied to a trash or recycle folder and the original memory registers are erased.Random data is immediately copied into the memory registers used by the file to obfuscate the previous contents.The memory registers used by the file are erased and marked as available for new storage.9.Question 9Forensic analysis should always be conducted on a copy of the original data. What type of copying is appropriate for getting data from a live system that cannot be taken offline?1 pointAn incremental backupA logical backupA disk-to-file backupA disk-to-disk backup10.Question 10How does a forensic analysis use hash sets acquired from NIST's Software Reference Library project?1 pointThey provide a record of known encrypted malware.They can quickly eliminate known good operating system and application files from consideration.Hashes will help you quickly zero in on deleted files.They are useful in identifying files that were created outside the United States.11.Question 11Which three (3) of the following data types are considered non-volatile? (Select 3)1 pointSwap filesLogsFree spaceDump files12.Question 12Configuration files are considered which data type?1 pointStaticNon-volatileDynamicVolatile13.Question 13True or False. When collecting forensic data from a running system, you should always attempt to collect non-volatile data first.1 pointTrueFalse14.Question 14Which three (3) of the following are application components? (Select 3)1 pointOSI Application Layer protocolsData filesAuthentication mechanismsApplication architecture15.Question 15Which of these applications would likely be of the least interest in a forensic analysis?1 pointChatWeb host dataEmailPatch files16.Question 16The Internet layer of the TCP/IP stack, also known as the Network layer in the OSI model, contains which two (2) protocols that are very useful to a forensic investigation? (Select 2)1 pointIPv4 / IPv6LDAPICMPUDP17.Question 17Which device would you inspect if you were looking for event data correlated across a number of different network devices?1 pointIntrusion detection systemPacket snifferRemote access serverFirewall18.Question 18Which of these sources might require a court order in order to obtain the data for forensic analysis?1 pointSystem Event Management systemsFirewallsIntrusion detection systemsISP records

46.0% completeQuestionA computer security team investigates a high-level computer breach at a large company. While investigating one of the computers in question, the team found that computer equipment was improperly secured, causing the equipment to be passed around during the investigation with no tracking. With respect to digital forensics, what are the primary concerns for the team from this discovery? (Select all that apply.)A.Incident documentationB.Latent evidenceC.Chain of custodyD.Data integrity

What role do forensic scientists not offer in the courtroom process?Question 8Select one:Expert witness Support in the preparation and presentation of evidence to the courtA direct point of contact for jurors who may have questions about the forensic evidence being presentedDevelopment of legislation to ensure that police adhere to appropriate processes and techniques